Password updating and expiration ····················································································································· 79

User login control ·················································································································································· 80

Password not displayed in any form ··················································································································· 80

Logging ··································································································································································· 80

FIPS compliance ····························································································································································· 81

Password control configuration task list ······················································································································· 81

Enabling password control ··········································································································································· 81

Setting global password control parameters ·············································································································· 82

Setting user group password control parameters ······································································································· 83

Setting local user password control parameters ········································································································· 84

Setting super password control parameters ················································································································ 84

Displaying and maintaining password control ··········································································································· 85

Password control configuration example ···················································································································· 85

Managing public keys ··············································································································································· 89

Overview ········································································································································································· 89

Creating a local key pair ·············································································································································· 90

Configuration guidelines ······································································································································ 90

Configuration procedure ······································································································································ 90

Distributing a local host public key ······························································································································ 91

Exporting a host public key in a specific format to a file ·················································································· 91

Displaying a host public key in a specific format and saving it to a file ························································ 91

Displaying a host public key ································································································································ 92

Destroying a local key pair ··········································································································································· 92

Configuring a peer public key ······································································································································ 93

Importing a peer host public key from a public key file ···················································································· 93

Entering a peer public key ··································································································································· 93

Displaying and maintaining public keys ····················································································································· 94

Example for inputting a peer public key ····················································································································· 94

Example for importing a public key from a public key file ······················································································· 96

Configuring PKI ·························································································································································· 99

PKI terminology ······················································································································································ 99

PKI architecture ···················································································································································· 100

PKI operation ······················································································································································· 101

PKI applications ··················································································································································· 101

Support for MPLS L3VPN ···································································································································· 101

PKI configuration task list ············································································································································ 102

Configuring a PKI entity ·············································································································································· 102

Configuring a PKI domain ··········································································································································· 103

Requesting a certificate ··············································································································································· 105

Configuring automatic certificate request ········································································································· 106

Manually requesting a certificate ······················································································································ 107

Aborting a certificate request ····································································································································· 108

Obtaining certificates ·················································································································································· 108

Configuration prerequisites ································································································································ 108

Verifying PKI certificates ·············································································································································· 109

Verifying certificates with CRL checking ··········································································································· 109

Verifying certificates without CRL checking ······································································································ 110

Specifying the storage path for the certificates and CRLs ······················································································· 110

iii